Kerberos in a heterogeneous environment

Digant C Kasundra digant at uta.edu
Wed Feb 2 12:07:23 EST 2005


> My question is twofold:
> 
> 1. If there are let's say 12 different Windows apps accessing Oracle,
> do all these apps need to be "Kerberized" or does the fact that Oracle
> by itself can be Kerberized is sufficient ?

If you are using Oracle Forms, for instance, and something on the Oracle
server side is itself taking the username and password to authenticate
the user, then this alone could be kerberized to achieve the desired
effect.  This would be the simplest way to go about it but not
necessarily the best way, depending on how the username and password are
transmitted to the Oracle app or DB (e.g. if it's in clear text, this is
a major security hole).

> 2. Multiple roles: To which extent Kerberos supports this ?  Let's say
> I have 2 different user IDs in Oracle because I have different roles
> within the company, how does that translate into Kerberos ?
> 

I would think one user id in Oracle equals one user id in Kerberos.


